FortiWAN - Command injection vulnerability

2023-02-1600:00:00

FortiGuard Labs

www.fortiguard.com

improper neutralization special elements

os command

cwe-78

fortiwan

authenticated attacker

unauthorized commands

0.001 Low

EPSS

Percentile

49.4%

JSON

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

CPENameOperatorVersion
fortiwaneq4.5.9
fortiwaneq4.5.8
fortiwaneq4.5.7
fortiwaneq4.5.6
fortiwaneq4.5.5
fortiwaneq4.5.4
fortiwaneq4.5.3
fortiwaneq4.5.2
fortiwaneq4.5.1
fortiwaneq4.5.0

Name	Operator	Version
fortiwan	eq	4.5.9
fortiwan	eq	4.5.8
fortiwan	eq	4.5.7
fortiwan	eq	4.5.6
fortiwan	eq	4.5.5
fortiwan	eq	4.5.4
fortiwan	eq	4.5.3
fortiwan	eq	4.5.2
fortiwan	eq	4.5.1
fortiwan	eq	4.5.0

Rows per page:

1-10 of 291

0.001 Low

EPSS

Percentile

49.4%

JSON

Related for FG-IR-22-157